github GitHub Changelog ·

GitHub Agentic Autofix for Code Scanning Alerts in Public Preview

securitypreviewengineer
feature announcement

GitHub is launching agentic autofix for code scanning alerts in public preview, allowing Copilot to automatically suggest and validate fixes for security vulnerabilities. This feature aims to streamline the remediation process by replicating developer workflows, enhancing security response times for affected engineers and architects. Access requires GitHub Code Security or Advanced Security and a Copilot license with the cloud agent enabled, with fixes taking 2-4 minutes and consuming AI credits and GitHub Actions minutes.

  • Agentic autofix for code scanning alerts available in public preview
  • Agentic autofix integrates with Copilot and GitHub security features
  • Access and prerequisites for agentic autofix
  • Billing implications for agentic autofix
Features (1)
  • Agentic autofix for code scanning alerts available in public preview

    Agentic autofix, now in public preview, remediates code scanning alerts by exploring code, proposing fixes, rerunning CodeQL for validation, and opening a pull request for review. The fix generation process typically takes 2-4 minutes and includes a summary of the solution and validation steps.

Enhancements (1)
  • Agentic autofix integrates with Copilot and GitHub security features

    This autofix feature replaces the previous 'Generate Fix' option with an 'Assign to Copilot' button, allowing users to trigger remediation from code scanning alerts or security campaigns. It can also be initiated via the Update a Code Scanning Alert REST API.

Notes (2)
  • Access and prerequisites for agentic autofix

    To use agentic autofix, organizations need an active GitHub Code Security or GitHub Advanced Security license, along with a Copilot license with the Copilot cloud agent enabled. Admins can disable this feature in settings or via enterprise policy.

  • Billing implications for agentic autofix

    During the public preview, agentic autofix consumes AI Credits from the organization's pool when a fix is run, and also uses GitHub Actions minutes. Usage is not itemized separately from other Copilot activities in this preview phase.

Read the original announcement →

https://github.blog/changelog/2026-07-10-agentic-autofix-for-code-scanning-alerts-in-public-preview

Related releases